Weekly Exploit Roundup 2026-01-27

Generated 2026-01-27T08:00:18.127362+00:00 (UTC)

  1. Metasploit Wrap-Up 01/23/2026
    Source: Rapid7 Cybersecurity Blog | Published: 2026-01-23T21:00:28+00:00 | Score: 22.83
    Oracle E-Business Suite Unauth RCE
    This week, we are pleased to announce the addition of a module that exploits CVE-2025-61882, a pre-authentication remote code execution vulnerability in Oracle E-Business Suite versions 12.2.3 through 12.2.14. The exploit chains multiple flaws—including SSRF, path traversal, HTTP request smuggling, and XSLT injection—to coerce the target into fetching and executing a malicious XSL file hosted by the attacker. Successful exploitation results in arbitrary command execution and an interactive shell on both Linux/Unix and Windows targets. The module is reliable, repeatable, and we here at Metasploit hope you enjoy it, happy hacking!
    New module content (3)
    Authenticated RCE in Splunk (splunk_archiver app)
    Authors: Alex Hordijk, Maksim Rogov, and psytester
    Type: Exploit
    Pull request: #20770 contributed by vognik
    Path: linux/http/splunk_auth_rce_cve_2024_36985
    AttackerKB reference: CVE-2024-36985
    Description: This adds two separate Metasploit exploit modules
  2. Cisco Fixes Actively Exploited Zero-Day CVE-2026-20045 in Unified CM and Webex
    Source: The Hacker News | Published: 2026-01-22T04:06:00+00:00 | Score: 21.912
    Cisco has released fresh patches to address what it described as a "critical" security vulnerability impacting multiple Unified Communications (CM) products and Webex Calling Dedicated Instance that has been actively exploited as a zero-day in the wild.
    The vulnerability, CVE-2026-20045 (CVSS score: 8.2), could permit an unauthenticated remote attacker to execute arbitrary commands on the
  3. CISA says critical VMware RCE flaw now actively exploited
    Source: BleepingComputer | Published: 2026-01-26T11:49:41+00:00 | Score: 19.599
    CISA has flagged a critical VMware vCenter Server vulnerability as actively exploited and ordered U.S. federal agencies to secure their servers within three weeks. […]
  4. CISA Adds Actively Exploited VMware vCenter Flaw CVE-2024-37079 to KEV Catalog
    Source: The Hacker News | Published: 2026-01-24T08:09:00+00:00 | Score: 19.461
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a critical security flaw affecting Broadcom VMware vCenter Server that was patched in June 2024 to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
    The vulnerability in question is CVE-2024-37079 (CVSS score: 9.8), which refers to a heap overflow in the
  5. Microsoft patches actively exploited Office zero-day vulnerability
    Source: BleepingComputer | Published: 2026-01-26T18:20:35+00:00 | Score: 18.793
    Microsoft has released emergency security updates to patch a high-severity Office zero-day vulnerability exploited in attacks. […]
  6. Zoom and GitLab Release Security Updates Fixing RCE, DoS, and 2FA Bypass Flaws
    Source: The Hacker News | Published: 2026-01-21T15:42:00+00:00 | Score: 17.043
    Zoom and GitLab have released security updates to resolve a number of security vulnerabilities that could result in denial-of-service (DoS) and remote code execution.
    The most severe of the lot is a critical security flaw impacting Zoom Node Multimedia Routers (MMRs) that could permit a meeting participant to conduct remote code execution attacks. The vulnerability, tracked as CVE-2026-22844
  7. CISA Updates KEV Catalog with Four Actively Exploited Software Vulnerabilities
    Source: The Hacker News | Published: 2026-01-23T15:24:00+00:00 | Score: 16.963
    The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added four security flaws to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation in the wild.
    The list of vulnerabilities is as follows –
    CVE-2025-68645 (CVSS score: 8.8) – A PHP remote file inclusion vulnerability in Synacor Zimbra Collaboration Suite (ZCS) that could allow a
  8. 2024 VMware Flaw Now in Attackers’ Crosshairs
    Source: SecurityWeek | Published: 2026-01-26T05:28:19+00:00 | Score: 15.91
    The critical-severity vulnerability can be exploited via crafted network packets for remote code execution.
  9. Nearly 800,000 Telnet servers exposed to remote attacks
    Source: BleepingComputer | Published: 2026-01-26T15:19:14+00:00 | Score: 13.003
    Internet security watchdog Shadowserver tracks nearly 800,000 IP addresses with Telnet fingerprints amid ongoing attacks exploiting a critical authentication bypass vulnerability in the GNU InetUtils telnetd server. […]
  10. SmarterMail Auth Bypass Exploited in the Wild Two Days After Patch Release
    Source: The Hacker News | Published: 2026-01-22T09:46:00+00:00 | Score: 12.581
    A new security flaw in SmarterTools SmarterMail email software has come under active exploitation in the wild, two days after the release of a patch.
    The vulnerability, which currently does not have a CVE identifier, is tracked by watchTowr Labs as WT-2026-0001. It was patched by SmarterTools on January 15, 2026, with Build 9511, following responsible disclosure by the exposure management

End of report.